Lightweight Approach to Detect Drive-by Download Attacks Based on File Type Transition

2014 
A web-based attack known as the drive-by download attack poses a serious threat to Internet users. Countermeasures against drive-by download attacks include code analysis based methods and rule-based methods. However, code analysis based methods incur high analysis costs, and rule-based methods have difficulty forming comprehensive detection rules that keep up with changes in attack patterns. For network administrators to inspect a huge amount of communication data, a detection method is needed that requires less cost to describe an attack's distinctive features and less effort to form detection rules. In this paper, we propose a lightweight, machine learning-based approach and evaluate its effectiveness.